On Thu, 2006-12-07 at 20:33 -0800, Jim Fenton wrote:

> I'm really confused by your reply. The question is simply, "should it
> be possible for an SSP record published by example.com to also apply
> to sub.example.com [for any value of sub]". I don't see how it
> relates to EAI, annotation, and so forth.

Blocking "exact" email-addresses not "properly" signed assumes recipients see and visually recognize addresses. When various forms of display-names are common, and when EAI changes headers to fully introduce UTF-8, no assumption or assertion that recipients will benefit by blocking "exact" email-addresses should be made. This mode of blocking is unsafe and breaks email in many cases.

A superior means to prevent spoofing and provide better protection is to associate email-addresses with signing-domains, where annotations can then be applied. This is safe, does not break email, and works after EAI is introduced.

With annotation rather than blocking as a basis for protection, there is no danger created by use of a sub-domain that misses a policy providing an association. Annotations are simply not applied.

In an era where registries accept millions of new domains each day without payment due to fraud, there can be no expectation verifying control of a domain offers proof of goodness or abates abuse.

> I interpret your response as expressing the position that this should
> not be a requirement. Let me know if I have that wrong.

Correct. There is no need to hunt for policy in higher domains. There should be no assertion that extending policies into sub-domains offers protection either. Such claims would be imprudent.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
